From aadaaa17046f846e5667d7102ef4ed8c1553a491 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Sun, 25 Feb 2024 10:40:07 -0600 Subject: [PATCH] Storing omni patches and template. --- .omni/omni-cluster-patchesyml.yml | 35 +++++++++++++++++++ .omni/omni-cp-patches.yml | 25 +++++++++++++ .../omni-template.yaml | 1 + 3 files changed, 61 insertions(+) create mode 100644 .omni/omni-cluster-patchesyml.yml create mode 100644 .omni/omni-cp-patches.yml rename omni-template.yaml => .omni/omni-template.yaml (99%) diff --git a/.omni/omni-cluster-patchesyml.yml b/.omni/omni-cluster-patchesyml.yml new file mode 100644 index 00000000..d400d26e --- /dev/null +++ b/.omni/omni-cluster-patchesyml.yml @@ -0,0 +1,35 @@ +# Cluster +machine: + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" + kubelet: + defaultRuntimeSeccompProfileEnabled: true + + extraMounts: + - destination: /var/openebs/local + options: + - bind + - rshared + - rw + source: /var/openebs/local + type: bind + files: + - content: |- + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + op: create + path: /etc/cri/conf.d/20-customization.part + permissions: 0 +cluster: + network: + cni: + name: none + proxy: + disabled: true \ No newline at end of file diff --git a/.omni/omni-cp-patches.yml b/.omni/omni-cp-patches.yml new file mode 100644 index 00000000..8c926185 --- /dev/null +++ b/.omni/omni-cp-patches.yml @@ -0,0 +1,25 @@ +# Control Plane +cluster: + apiServer: + admissionControl: + - configuration: + exemptions: + namespaces: + - openebs-system + - security + - kyverno + - rook-ceph + - qbittorrent + name: PodSecurity + disablePodSecurityPolicy: true + extraArgs: + bind-address: 0.0.0.0 + controllerManager: + extraArgs: + bind-address: 0.0.0.0 + etcd: + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + scheduler: + extraArgs: + bind-address: 0.0.0.0 diff --git a/omni-template.yaml b/.omni/omni-template.yaml similarity index 99% rename from omni-template.yaml rename to .omni/omni-template.yaml index a21bd110..e84087b3 100644 --- a/omni-template.yaml +++ b/.omni/omni-template.yaml @@ -113,6 +113,7 @@ patches: - security - kyverno - rook-ceph + - qbittorrent name: PodSecurity --- kind: Workers